Abstract:
This paper introduces the principles of stealing USB flash disk files on the local machine and of the process-hiding technique used to make the program harder to detect. The source code is written as a Win32-based application and compiles under VC 6.0. The paper describes in detail how the operating system notifies running processes of USB port state changes, and how a running process uses the messages sent by the operating system to determine that a removable storage device has been inserted into a USB port. As the key part, a large portion of the paper introduces the principle and programming approach of the API HOOK (SSDT hooking) technique used in this design to hide the process (on Windows NT-based systems). For log recording, the design uses the ODBC API together with a Microsoft Access database.
Keywords:
stealing USB flash disk files; process hiding; API HOOK; SSDT hooking; ODBC API; Microsoft Access
A malicious software design for stealing USB flash disk files based on local machine
Abstract:
This paper introduces stealing USB flash disk files on the local machine and the common process-concealment technologies used in the Windows NT operating system environment. The application source code was written as a Win32-based application and compiled successfully in the VC 6.0 environment. It describes in detail how the operating system sends messages notifying running processes of USB port status changes, and how a process that receives such messages determines that a portable storage device has been plugged in. As the key part of the design, the theory of the API HOOK (SSDT hooking) technique used to hide the process (on Windows NT-based operating systems) and its programming ideas are introduced at length. In the log-recording chapter, the design is implemented with the ODBC API and a Microsoft Access database.
Keywords:
Win32-based applications; concealing running processes; API HOOK; hooking SSDT; ODBC API; Microsoft Access